The days of casual hackers working for little more than bragging rights are over; hacking has morphed into big business where the financial rewards can be substantial. It is estimated that the makers of the ransomware CryptoLocker have already collected millions of ransom dollars (forbes.com) for that system alone. When you consider all the viruses on the Internet, the amount of revenue these nefarious coders are collecting is mind-boggling.
Hackers represent much of the threat landscape for many industries, and the legal industry is no exception. With pop culture today portraying them as both heroes and villains, it is sometimes difficult to really understand what exactly is going on. Below are the types of hackers that represent the biggest risk to law firms.
A “Black Hat” hacker is the stereotypical bad guy out to make a living off of your personal information. Pop culture has painted the picture of these people as nerds that spend all their time down in the basement of their mother’s house. This is only partially true; there has been an influx of businesses around the globe that hire black hats for malicious development. These groups of hackers are legitimizing their dealings by creating applications and hiding their malicious code inside. The information they are after covers a wide spectrum. Anything with personal information, bank information, friend information, and what sites you purchase from can all be targets. Governments try to keep black hats behind bars; however, because of ever-changing tools that keep users anonymous, that task is becoming more difficult.
“Script Kiddies” are the newcomers to hacking. They use publicly available, pre-packaged automated tools written by others. These automated tools are often found to have malware written into them: it is easier for black hats to get script kiddies to do the leg work and have all the data report back to the original author. The average age of this group is typically low.
“Nation-State” hackers are a very real threat. Nation-State hackers are not specifically sponsored or endorsed by a specific (local) government (might be though… who knows for sure?) but they often originate from a foreign country. China, Russia and several other countries have a ‘wild west’ type environment that applies virtually ZERO legal threat to those people or resources that are actively developing ransomware, stealing personally identifiable information or using your network as a staging area for further destructive activities.
The two (2) biggest risks Nation-State hackers represent to law firms are:
- Hijacking – Depending on the hacker’s goals (financial, information, etc.), they may be interested in using viruses and Trojan horses to hijack your computer so they can remotely control it for their own purposes. These purposes could be to harvest your information or to launch a bigger attack on another company.
- Terrorism – Some experts believe that terrorists will eventually launch an attack using hacking techniques.
While this may seem more like the movies than real world business, domestic corporate espionage is happening on a regular basis. With the legal industry having embraced the use of digital formats for its entire work product while leaving security protocols and standards at the bottom of the technology spending list, this type of hacker is likely to be seen more and more.
Truth is, it is easier than ever to pay a hacker to develop a malware program that will sit inside a firm’s network and report back any information deemed relevant. Moreover, it is not overly difficult to hire someone to design the software specifically for a legal network so common anti-virus and anti-malware programs will not pick up on it. Viruses and malware are found using what are called signatures (lists of known programs that cause problems) and heuristics. When you pay for your anti-virus and anti-malware programs, you are paying for that company to do the research and find the code that is causing problems. They create signatures that mark the program as “bad” and block it.
It is also important to realize that most anti-virus solutions have reporting thresholds in place that have to be crossed before a defensive update is added to their software. In other words, it may take 1000 new virus infections before your anti-virus software builds an update to protect your network. It should be no surprise that the hacker community is often fully aware of these thresholds and will only release their malicious code in batches that keep their efforts below the radar of the bigger A/V solutions.
Hackers are smart enough to create viruses and malware that can change based on heuristics and signatures. This puts us in a situation that necessitates more stringent protection from all the unknown malware and viruses out there. Because of this gap in security, competitors can leverage that knowledge to get whatever they want with little money. If you are not taking every step you can to protect your proprietary information, you are probably just giving it away to anyone who is smart enough to take it.
Third-parties / Vendors
Outside parties and vendors also represent substantial security vulnerabilities for many firms. While your firm may choose to implement a robust Written Information Security Plan (WISP), if your vendors (with access to your firm data) fail to implement a similar program, your security program would likely not pass a reasonable defense test.
The best way to defend against your enemy is to know as much as you can about them. While no single solution will defend against all hackers, ensuring you have the right combination of education, processes and systems will go a long way to keeping your firm safe from today’s evolving cyber security threats.